Hot!Really Poor SMB performance

Really Poor SMB performance

Fortinet to Fortinet, 100E to 60E, IPSec Tunnel, gigabit connection on the 100E and 400mbit on the 60E.SMB transfers are slow, about 2 or 3mbps.

Have adjusted tcp-mss in the IPV4 policy for the indicated branch and on the IPSEC interface itself to 1306 (which is low but higher doesn't matter, when left at default it was fragmenting so I lowered it)

OK it does interrupt service but only for a second or so. Also, it doesn't have any effect. I in fact already had it set on both sides of one of the tunnels (from a 200E to a 100E). Still only getting about 8mbit/sec on gig links . . .

Atsak, did you try latest IPS engine(interim one) where was made some SMB performace improvements?Please rise a ticket with support in order to provide you the latest interim IPS engine.BTW, which firmware is in problem?

IPS is disabled.A ticket is open with Support, they have not replied (two days too better follow up)Firmware is 5.6.3 build 1547 on both

Really important to note - the issue only exists between 60E and the datacenter 100E. IN offices where we have a Juniper, this doesn't happen, throughput is normal (maxes out CPU on the Juniper SSG 5's at around 40bmit). This makes me think its a PMTU or tcp-mss setting, but I don't know which one to toggle to fix it. This has to be a common problem I would think no?

If you find something please let me know as well. I've been looking for a long time and have come up empty handed. The one thing that has helped was enabling NAT on the tunnel but was barely noticeable. The command below was run on both ends (only effective if Fortinet to Fortinet)